USQ Vice Chairman, Leesa Soulodre was seen leading the conversation on reputation risk management at the recent Thomson Reuters 2nd Annual ASEAN Regulatory Summit.
As Chief Reputation Risk Officer and Managing Partner, RL Expert Group, she had the opportunity to collaborate with Ernst & Young Lead Partner Cybersecurity Asia Pacific,Paul O'Rourke, Counter-espionage Expert and Managing Director of Jayde Consulting,Julian Claxton, and Thomson Reuters Senior Editor, Patrick Fok to lead a Cyber Breach simulation.
The event triggered robust debate among the audience of senior governance, risk and compliance practitioners, and leaders from across the region.
Key takeouts from Paul O'Rourke, Lead Partner, Cyber Security Asia Pacific at Ernst and Young:
Key Takeouts from Expert Julian Claxton, Counter Espionage Jayde Consulting
2. What to do? Take Accountability. Often breaches are linked to other parties in your value chain who may have some level of contractual responsibility. However, there is significant research and market performance evidence that demonstrates that by laying blame at your 3rd parties or partners, this only serves to harm everyone involved and often can only delay the effective 1) execution of recovery and 2) stakeholder engagement.
A company is better to accept accountability, take ownership of all activities for effective execution and pursue the appropriate recourse/ compensation with third parties and partners at a later date. The faster the company is to apologize, to show empathy to its victims and to be seen to be addressing the issues so that it can never happen again, the more likely it is to preserve its reputational equity and retain its social license to operate.
3. What to assess? Expand enterprise risk management to include reputation risks and include a risk assessment process that includes factoring outrage and velocity. Modify your formula for risk assessment. Today given the interconnected of risks and a 24 x 7 x 365 news cycle: Risk = hazard + outrage + velocity x probability (Soulodre, 2014). In this context "outrage" can be assessed by using a proxy of the volume and velocity of negative expressed stakeholder sentiment (internal + external) measured by both weighted volume + variety.
If you enjoyed these takeouts, read the full 3 part series, that covers the highlights from the Cyber breach simulation delivered at the Thomson Reuters 2nd ASEAN Regulatory Summit in Singapore on the 1st September 2016. Part 1 covers the breach, Part 2 covers the ransom and Part 3 covers managing the fallout. If you enjoyed this series, Leesa will continue the discussion on cyber crime and data privacy at the Pan-Asian Regulatory Summit that is taking place on the 8th & 9th of November, 2016 at the Grand Hyatt in Hong Kong. For the full agenda and details on how to register, please visit the website.
We just sent you an email. Please click the link in the email to confirm your subscription!